LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and STARTTLS
Bug #1547927 reported by dog
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
openldap (Ubuntu) | Expired | Medium | Unassigned | |
Bug Description
Tested with vivid and wily...
also logged with openldap as http://
The handling of the LDAP_OPT_
between servers accessed via ldaps:// and ldap:// (plus STARTTLS) URIs.
When accessing a server with a self-signed certificate, the results are:
ldaps://
never OK
hard Error: can't contact LDAP server
demand Error: can't contact LDAP server
allow OK
try Error: can't contact LDAP server
ldap:// plus explicit ldap_start_tls_s()
never OK
hard OK
demand OK
allow OK
try OK
tags: | added: vivid wily |
Changed in openldap (Ubuntu): | |
importance: | Undecided → Medium |
Changed in openldap (Ubuntu): | |
status: | Incomplete → New |
Oh, and if you're wondering, the ldaps:// results are the correct ones: an untrusted CA (self signed) should be rejected.
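A regression check for the behaviour reported above, added here as an example (not code from this bug report or from OpenLDAP): it probes each LDAP_OPT_X_TLS_REQUIRE_CERT level over ldaps:// and StartTLS and flags any level that should refuse an untrusted certificate but did not. It assumes python-ldap is installed (imported only when probing) and that the server permits an anonymous bind; `probe`, `findings` and `run` are hypothetical helper names, and `REPORTED` transcribes the matrix from the bug description.

```python
LEVELS = ("never", "hard", "demand", "allow", "try")
# With an untrusted (e.g. self-signed) server certificate these levels must
# refuse the session; "never" and "allow" tolerate a bad certificate.
MUST_REJECT = {"hard", "demand", "try"}

# Matrix from the bug description, transcribed: True = "OK", False = "Error".
REPORTED = {("ldaps", "never"): True, ("ldaps", "hard"): False,
            ("ldaps", "demand"): False, ("ldaps", "allow"): True,
            ("ldaps", "try"): False,
            **{("starttls", lvl): True for lvl in LEVELS}}


def probe(host, level, starttls):
    """Return True if an LDAP session over TLS to host succeeds at this level."""
    import ldap  # python-ldap (wraps libldap); assumed installed, imported lazily
    conn = ldap.initialize(("ldap://" if starttls else "ldaps://") + host)
    conn.set_option(ldap.OPT_NETWORK_TIMEOUT, 5)
    conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,
                    getattr(ldap, "OPT_X_TLS_" + level.upper()))
    conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)  # apply the level to a fresh TLS context
    try:
        if starttls:
            conn.start_tls_s()
        conn.simple_bind_s()  # anonymous bind; triggers the ldaps:// handshake
        return True
    except ldap.LDAPError:
        return False


def findings(results):
    """results: {(transport, level): bool}. Returns sorted (transport, level, problem)."""
    out = []
    for (transport, level), ok in sorted(results.items()):
        if not results.get((transport, "never"), False):
            # Control failed: an error here means "unreachable", not "rejected".
            if level == "never":
                out.append((transport, level, "control failed, results inconclusive"))
        elif level in MUST_REJECT and ok:
            out.append((transport, level, "untrusted certificate accepted"))
    return out


def run(host):
    """Probe every transport/level pair against host (a test server you operate)."""
    return findings({(t, lvl): probe(host, lvl, t == "starttls")
                     for t in ("ldaps", "starttls") for lvl in LEVELS})


if __name__ == "__main__":
    for row in findings(REPORTED):
        print(*row)
```

The "never" probe acts as a control: if it fails, the server is unreachable or refuses the bind, so errors at the stricter levels cannot be read as certificate rejection.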